PHP fread path

I am trying to fopen a file and read it, but it is on another server. For example, I try opening "http://www.google.com", and it says it cannot find the specified file in the current directory.
I need to open a dir on another server and get a list of the items. I just want to know how to fix the "file not found in current directory" problem. Thank you

Author

RE: PHP fread path

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 12-10-06 20:42

Code

$code = file_get_contents("http://www.example.com");

Edited by on 12-10-06 20:43

Author

RE: PHP fread path

That doesn't work because when you open the directory anyway it shows a file. For example in HBH, when you open HBH.com/challenges, it shows a web page, not the directory listing. I want to see the files in the directory i'm trying to view. Thank you

Author

RE: PHP fread path

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 13-10-06 00:46

Oh. That can't be done, PHP doesn't have any more access to a remote server than your browser has. Have a read of this for info on what goes on when you request just a folder:
http://www.criticalsecurity.net/index.php?showtopic=17091

Author

RE: PHP fread path

Here's the whole thing:
I am trying to get files in which are stored passwords and grades. I have a script that will decrypt the file names to get the password, if I can get the file name.
Here's to sum it up:
In a folder, are all the 7th grade grades in my school. For a newspaper article I have to write about the insecurity of the school grade system. It is not aacessible online, they just update the info manually I think or import it from easy grade pro. I want to see what's in the folder. If you wanted to know what was in the folder, what would you do?

Author

RE: PHP fread path

If it is the latter I would write up a Visual Basic program(or any other language) that is in general a file browser and find the server. That is how I found flaws in my highschools system and became an admin :evil:

RE: PHP fread path

I is a web server.
Pretend this is a realistic challenge and all the answers are in one folder, but you don't know the file names. They don't use any server side language, so it is kind of hard to find the file names. The passwords are on the internet but you can't get the file names. That's it? It is basically impossible?

Anyway, if you were trying to find the name of a file, and had no exploits you could use to get a directory listing, then you could use a word list of possible files, but they're probably CHMOD'd so you can not access them. Chances are even if you knew the name of hte files, you could not access them. (Well, hopefully not, for security's sake.)

Author

RE: PHP fread path

Zekasu, thanks for the article list.
They would not have a CHMOD not allowing me to view the files. For the login system they use JAVASCRIPT! You think they could use CHMOD if they can't use a server side language?
Anyway, a word list would not have the name of the files, because the names are an encrypted version of our last names and our passwords. Just for the heck of it, here are the links:
Here are my grades:
http://ingenuityproject.org/ingenuity_schools/rolandpark/bacon/Term1735SCI/rbij56KY5.html
Here is the source of the encryption method:
view-source:http://ingenuityproject.org/ingenuity_schools/rolandpark/bacon/frame1.html
Here is the general sign in page:
http://ingenuityproject.org/ingenuity_schools/rolandpark/bacon/

See the link of the grades? it is an encrypted name, so it would probably not appear in the jtr or cain list of words.
There is one hope though: Soial engineering. I could email the maker of the sign in system with a fake email and ask for a database backup, because it crashed, or something like that. Of course that would lean a little more towards tricking than to hacking, but it would still prove the insecureness of their system.

Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.